Closed weiss closed 2 years ago
firefart
commented
2 years ago @weiss good catch thanks! I currently have no IPv6 enabled turn server at hand for testing but pushed a quick fix to the main branch. Can you please test if this now works with eturnal ?
weiss
commented
2 years ago Seems you're setting the length to 5 byte now (the payload + 4 bytes of padding) :smile:
firefart
commented
2 years ago Jeah the RFC is not clear about this whether the length value should include the reserved bytes or not, wireshark decodes it correctly but that does not mean anything :)
This page https://docs.microsoft.com/en-us/openspecs/office_protocols/ms-turn/e7efc457-9312-4a6b-8089-94032a599198 means to always set the length to 0x0004 so will try that
firefart
commented
2 years ago With the latest changes:
can you please try again?
weiss
commented
2 years ago Jeah the RFC is not clear about this whether the length value should include the reserved bytes or not,
I think the answer is "yes it should include them", it's one byte payload plus three reserved bytes, no?
always set the length to
0x0004so will try that
Yes I'm pretty sure that's what the RFC is trying to say as well. Wireshark and other servers can obviously decode things just fine by accepting other lengths (as long as they match reality), I'm just deliberately picky in eturnal.
can you please try again?
Works just fine now, thank you very much for the super-quick fix! :+1:
firefart
commented
2 years ago Thanks! Uploaded version v0.4.0 with this fix: https://github.com/firefart/stunner/releases/tag/v0.4.0
thanks again for the report!
stunner sets the length of the
REQUESTED-ADDRESS-FAMILYattribute to 1 byte, whereas the "length of this attribute is 4 bytes" as per RFC 6256 (just as for e.g.REQUESTED-TRANSPORT, which does have the correct length):(Wireshark calls it
REQUESTED-ADDRESS-TYPE, as that was the initial name for attribute0x0017.)At least eturnal rejects requests for this reason (because "be strict in what you accept").
Many thanks for this great tool!